Re: UDP catchall
- From: Matus Harvan <mharvan@xxxxxxxxxxx>
- Date: Wed, 31 Oct 2007 02:21:04 +0100
On Tue, Oct 30, 2007 at 09:04:11PM +0100, Jeremie Le Hen wrote:
I can think of a possible implementation of mtund(8) without kernel
patching. The next pf(4) import from OpenBSD will likely allow to log
to some particular pflog(4) interface (instead of the default pflog0).
It will then be possible to create a couple of rules matching one or
more ranges of ports and logging to, say, pflog1. Reading on the
latter, mtund(8) will immediately open a socket bound to the
corresponding port. This is a kind of port knocking. Thanks to TCP
retransmission algorithm or mtunc(1)'s cleverness in case of UDP socket,
the second packet should hit mtund(8).
One downside is that it requires a bunch of configuration in pf.conf(5),
so it may not be as straightforward to set up as one may have expected.
I don't know TCP internals, it may affect TCP slow start or have some
other minor drawbacks. But hey, we're talking about bypassing firewall
:-)...
If an RST packet is generated in response to the first TCP SYN packet,
then the firewall, which we're trying to pass, might decide that the
port in question is closed and delete/modify the state for the TCP
connection. If the RST packet hits the sender of the SYN packet then
there might be no retransmission as the sender would think the TCP
port is closed.
Matus
Attachment:
pgpR2DOOyUVNh.pgp
Description: PGP signature
- References:
- Re: UDP catchall
- From: Matus Harvan
- Re: UDP catchall
- From: Bruce M. Simpson
- Re: UDP catchall
- From: Brooks Davis
- Re: UDP catchall
- From: Bruce M. Simpson
- Re: UDP catchall
- From: Jeremie Le Hen
- Re: UDP catchall
- Prev by Date: Re: UDP catchall
- Next by Date: Re: em watchdog problem
- Previous by thread: Re: UDP catchall
- Next by thread: Re: UDP catchall
- Index(es):
Relevant Pages
|
